ramnit | da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56 | Triage

Submit
Reports

Overview

overview

Static

static

da1f39a155...56.dll

windows7-x64

da1f39a155...56.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56
Size

504KB
Sample

221204-b92n9aff45
MD5

d0195fae7561178250e4b4e21cc75b90
SHA1

5b4c28d49ecdac2dc3b64dadf05ad7c596fcc51b
SHA256

da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56
SHA512

661fd18be27b8cd3cb1e721b6b5cc57d8184eaaedf036eca2f0b2e35d551e181d180d21a30105984375af0334e7cca8c94e3435e03dd027d0d35f0e0acab405e
SSDEEP

12288:eehnaNPpSVZmNxRCwnwm3W3OHIIf5YsIbAEOgS:eeh0PpS6NxNnwYeOHXrz9gS

Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56.dll

Resource

win7-20220812-en

ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56.dll

Resource

win10v2004-20220812-en

ramnit banker spyware stealer trojan upx worm

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56
- Size
  
  504KB
- MD5
  
  d0195fae7561178250e4b4e21cc75b90
- SHA1
  
  5b4c28d49ecdac2dc3b64dadf05ad7c596fcc51b
- SHA256
  
  da1f39a15537fb46b99179d01c4f24662250c2950cf22a851b0fcc5d6d920d56
- SHA512
  
  661fd18be27b8cd3cb1e721b6b5cc57d8184eaaedf036eca2f0b2e35d551e181d180d21a30105984375af0334e7cca8c94e3435e03dd027d0d35f0e0acab405e
- SSDEEP
  
  12288:eehnaNPpSVZmNxRCwnwm3W3OHIIf5YsIbAEOgS:eeh0PpS6NxNnwYeOHXrz9gS
Score

10^/10

ramnit banker persistence spyware stealer trojan upx worm
- Modifies WinLogon for persistence
  persistence
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

ramnitbankerspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy